Why FSOs Are Becoming Even More Essential to Defense Contracting

Between federal budget increases, escalating conflicts overseas, and a massive push to enhance our nation’s cybersecurity posture, the defense contracting industry will rapidly grow over the next few years. By default, so will one of the most crucial positions within a defense contractor’s organization — the Facility Security Officer (FSO).

The words faculty security officer with the FSO in a photo frame with photos of tech inside. The text in black.

What started as a role focused on physical premise security management has now evolved into a multi-functional, highly-essential position that could bring significant loss to an organization if the right person isn’t selected. Between the risk of non-compliance, mismanagement of the security clearance process, or poor deployment of information-security controls, the FSO is ultimately on the hook should something go wrong.

As vital as the FSO has been over the last few decades, it has still managed to grow its importance, even today. That said, if you don’t understand why the position has become so essential to defense contracting and how the responsibilities have evolved, you could make the wrong hiring decision or fail to supply adequate resources to that particular team.

So how exactly is the defense contracting industry changing, and what does it mean for the FSO role?

Trends in the Defense Contracting Industry

Within the industry that the FSO role serves, we see new and growing trends that are shifting how contractors plan and operate. The result of these global and domestic changes, new responsibilities and skill requirements trickled down to the FSO level:  

New compliance requirements

Compliance changes in government contracting are just an assumed evil within the industry. 2023, in particular, is a prominent time for our federal agencies to alter how organizations oversee industrial security clearances, manage sensitive data, and handle reporting activities.

To start, the National Defense Authorization Act (NDAA) for 2023 paved the way for tons of new requirements. For instance, defense contractors supplying commercial components for any weapons system must provide information on their prior sales and terms for those products. There are also new reporting rules about disclosing rare elements used in magnet components to the Department of Defense (DoD), just to name a few. 

On the cybersecurity side, DoD is also expected to expand the rules of the cyber-incident information-sharing program from classified programs to all contractors that manage controlled unclassified information (CUI). The Department of Homeland Security (DHS) will also likely add new requirements for contractors handling CUI and reporting data breaches or similar incidents.  

A boost in R&D defense spending

Since the size of the defense contracting market is entirely dictated by federal budgets, any rise in defense spending will become a sensation within the industry. The fiscal year 2023 will see the DoD budget increase to $816.7 billion, up from roughly $768 billion in 2022. Much of the new spending is focused on research & development (R&D) and modernizing our defense technology. 

In fact, the NDAA announced massive plans for DoD to expand its cyber defense and digital processing capabilities. As part of these new high-priority projects, DoD will issue a massive wave of opportunities to contractors, specifically ones with expertise in data management, artificial intelligence (AI), analytics, and enterprise cloud computing.    

Rise of global conflicts and subsequent cyber attacks

We can’t discuss trends in the defense contracting industry without addressing what’s happening overseas. Between the Russian-Ukraine War, increased tensions between the U.S. and China, and trying to maintain stability in the Middle East, there will continue to be a significant focus on national security preparation. 

The most notable priority—addressing our nation’s cybersecurity program. Both government agencies and commercial organizations are prime targets for our adversaries. While most private-sector attacks are financially motivated through ransomware or network extortion, cyber threats stemming from global conflicts have different objectives, to make our government agencies inoperable and steal highly-sensitive information.

This particular trend will become a double-edged sword for defense contractors. On the one hand, it will create many new opportunities to provide innovative cybersecurity and infrastructure management solutions to government agencies and create weapon systems to help our nation defend itself and our allies. 
On the other hand, cleared organizations will make prime targets for cyber attacks as they will hold some of our nation’s most critical secrets. It’ll also likely force new and tedious compliance guidelines, specifically for cybersecurity management and industrial security clearance activity relating to foreign ownership, control, or influence (FOCI).      

Digital transformations

One of the most fascinating industrial security and defense contracting trends is the shift past what we now consider “legacy” technology. Between all of the advanced software on the market or in development, our country’s desire to outperform adversaries technologically, and the amount of spending dedicated exclusively to digital modernization, the defense contractors must either evolve or fold. One notable instance was two years ago when the Joint Personnel Adjudication System (JPAS) was “sunsetted” for the Defense Information System for Security (DISS). 

Despite how recently that transition took place, there are already new plans for DISS to shut down for the National Background Investigation Services (NBIS) database administered by the Defense Information Systems Agency (DISA). This would let contractors manage background checks, vetting, employee screening, and security clearance processes in one system. As of recently, however, there’s no clear deadline for the DISS shutdown, and the NBIS services are not fully available yet to contractors. 

In addition to moving on past legacy systems, the NDAA expressly indicated technology areas of focus they wish to seek expertise and improve. One of these areas was increasing system accessibility and scalability through more cloud computing. We already saw a massive step in this direction when Microsoft released the approved 365 Government Community Cloud High (GCC High), which gave defense contractors a simplified yet compliant way to access their sensitive data and applications.  

Some of the biggest questions are how AI and machine learning (ML) can help advance our cybersecurity, national intelligence, and defense systems. AI is a powerful tool that can detect anomalies, automate tasks, and discover valuable insights that ordinarily would stay hidden without an intelligent analytics solution. We could see a significant change in how contractors and government agencies operate by applying it to things like surveillance, weapons development, and threat identification.   

The New FSO is Now More Essential Than Ever

All of the trends outlined directly impact the importance and scope of the FSO position. Simply put, the modern-day FSO is becoming more essential to contractors because of all the roles they must now play. In addition to managing on-premise security and facility clearance operations, the job of an FSO now also includes the following:  

Compliance management 

FSOs must closely monitor changes issued by DoD, DHS, and the National Industrial Security Program Manual (NISP) that fall under their umbrella, including industrial security clearance, reporting, facility security, and personnel oversight requirements. They need to understand when any new or updated compliance requirements take effect and coordinate with other teams within their organization to develop and execute a plan of action.

Supporting cybersecurity initiatives

FSOs must work with Chief Information Security Officers (CISOs), IT security departments, and security operations teams to deploy controls that maintain the CIA triad (confidentiality, integrity, and accessibility) of information security. They must also implement a robust cybersecurity program that meets compliance requirements, such as NIST SP-800-207 guidelines for Zero Trust Security, and remain informed on curren

Facilitating IT transformations

Specifically for making digital transformations, FSOs must coordinate with IT operations departments to select and implement specific providers that best meet the defense contractor’s objectives. They must stay current on government initiatives for evolving past legacy systems and on trends relating to innovative solutions, like AI, ML, and newer data management environments. Finally, they must remain informed on all the industrial security technology available to improve facility security and business efficiency.

Enable FSO Success with MathCraft

The FSO is now more critical to defense contractors than ever. With the industry constantly evolving due to significant global and domestic trends, FSOs must adapt their skills to various functions and be equipped with the proper tools to perform their duties effectively. Mathcraft Security Technologies centralizes and simplifies many FSO responsibilities through its end-to-end, compliant industrial-security management platform.  
Contact us today to learn how our industrial-security management software suite helps defense contractors automate security processes with self-service tools, manage sensitive data, and oversee cleared personnel across all facility-security operations.